Abstract

The construction of shortest feedback shift registers for a finite sequence $S_1, \ldots, S_N$ is considered over the finite ring $\mathbb{Z}_{p^r}$. A novel algorithm is presented that yields a parametrization of all shortest feedback shift registers for the sequence of numbers $S_1, \ldots, S_N$, thus solving an open problem in the literature. The algorithm iteratively processes each number, starting with $S_1$, and constructs at each step a particular type of minimal Gröbner basis. The construction involves a simple update rule at each step which leads to computational efficiency. It is shown that the algorithm simultaneously computes a similar parametrization for the reciprocal sequence $S_N, \ldots, S_1$.

1 Introduction

Minimal Gröbner bases have been identified in the literature [5J Q3] as ideal tools for various types of minimal interpolation problems. Among the most fundamental of those is the problem of constructing shortest feedback shift registers for a given sequence of numbers $S_1, \ldots, S_N$. This problem is motivated by coding applications as well as cryptographic applications. In recent coding theoretic papers [23, 12] a parametrization of solutions is used for the purpose of list decoding of Reed-Solomon codes. In this paper we focus on the iterative construction of such a parametrization.

The recent paper [14] provides a conceptual framework for a noniterative solution based on minimal Gröbner bases. However, the "off the shelf" construction of the minimal Gröbner basis leads to inefficiency. In this paper we aim for an iterative Gröbner-based solution much in the way of the efficient Berlekamp-Massey algorithm. Via a simple update rule, at each step $k$, the algorithm constructs a minimal Gröbner basis that yields a parametrization of all shortest feedback shift registers for the sequence $S_1, \ldots, S_k$ for $k = 1, \ldots, N$. Thus the Gröbner basis construction is tailored to the problem at hand.

We find that the use of minimal Gröbner bases enhances the insightfulness of proofs due to the fact that we can explicitly use properties such as the "predictable leading monomial property", explained in the paper.

For the field case, the idea of a Gröbner based algorithm is already in the 1995 paper [5]. In fact, a closer inspection shows that the algorithm of [6] is practically identical to our algorithm in subsection 4.1 on the field case. However, our formulation differs to such an extent that it leads to a reinterpretation of some of the auxiliary polynomials as shortest feedback shift registers for the reciprocal sequence $S_N, \ldots, S_1$. This connection with the reciprocal sequence leads us to results on bidirectionality which is relevant for cryptographic applications, see [25].

Most importantly however, our formulation enables our main result in subsection 4.2 which is an extension to sequences over the finite ring $\mathbb{Z}_{p^r}$ (where $p$ is a prime integer and $r$ is a positive integer). More specifically, Algorithm 4.8 is an iterative algorithm that constructs a parametrization of all shortest feedback shift registers for a sequence $S_1, \ldots, S_N$ in $\mathbb{Z}_{p^r}$. Again, the algorithm proceeds by constructing a particular type of minimal Gröbner basis at each step. This is where it differs from the 1985 Reeds-Sloane algorithm from [53] which also constructs a shortest feedback shift register for a sequence $S_1, \ldots, S_N$ in $\mathbb{Z}_{p^r}$, as a generalization of the Berlekamp-Massey algorithm. In fact, our Gröbner methodology yields a novel parametrization as well as insightful proofs, thus extending Massey's parametrization result to the ring case. Note that a parametrization for the $\mathbb{Z}_{p^r}$ case is posed as an open problem in the 1999 paper [22].

Our proofs and results on sequences over the finite ring $\mathbb{Z}_{p^r}$ are nontrivial and cannot be regarded as straightforward extensions from the field case. In fact, our methodology in subsection 4.2 relies heavily on a recently developed new framework [12, 14] for dealing with polynomial vectors in $\mathbb{Z}_{p^r}[x]^q$. In our earlier paper [10] this methodology was applied to solve an open problem regarding minimal trellises of convolutional codes over $\mathbb{Z}_{p^r}$.

Further preliminary studies for this paper are [TB] and [11].



2 Preliminaries 

Minimal Gröbner bases are recognized as effective tools for minimal realization and interpolation problems, see e.g. 00 [TS]. In recent papers [TH [13] this effectiveness was ascribed to a powerful property of minimal Gröbner bases, explicitly identified as the "Predictable Leading Monomial Property". Before recalling this property let us first recall some terminology and basic results on Gröbner bases.

Recall that a ring is called Noetherian if all of its ideals are finitely generated. Let us first present some preliminaries on polynomial vectors with coefficients in a noetherian commutative ring $\mathcal{R}$. Note that $\mathcal{R}[x]$ is then also a noetherian ring.

We consider polynomials as row vectors. Let $e_1, \ldots, e_q$ denote the unit (row) vectors in $\mathcal{R}^q$. The elements $x^{\alpha} e_i$ with $i \in \{1, \ldots, q\}$ and $\alpha \in \mathbb{N}_0$ are called monomials. Let us consider two types of orderings on these monomials, see also the textbook [1]:

• The Term Over Position (top) ordering, defined as

$$x^{\alpha} e_i < x^{\beta} e_j \;:\Leftrightarrow\; \alpha < \beta \text{ or } (\alpha = \beta \text{ and } i < j).$$

• The Position Over Term (pot) ordering, defined as

$$x^{\alpha} e_i < x^{\beta} e_j \;:\Leftrightarrow\; i < j \text{ or } (i = j \text{ and } \alpha < \beta).$$

Clearly, whatever ordering is chosen, every nonzero element $f \in \mathcal{R}[x]^q$ can be written uniquely as

$$f = \sum_{i=1}^{L} c_i X_i,$$

where $L \in \mathbb{N}$, the $c_i$'s are nonzero elements of $\mathcal{R}$ for $i = 1, \ldots, L$ and $X_1, \ldots, X_L$ are monomials, ordered as $X_1 > \cdots > X_L$. Using the terminology of [1] we define

• $\mathrm{lm}(f) := X_1$ as the leading monomial of $f$

• $\mathrm{lt}(f) := c_1 X_1$ as the leading term of $f$

• $\mathrm{lc}(f) := c_1$ as the leading coefficient of $f$

Writing $X_1 = x^{\alpha_1} e_{i_1}$, where $\alpha_1 \in \mathbb{N}_0$ and $i_1 \in \{1, \ldots, q\}$, we define

• $\mathrm{lpos}(f) := i_1$ as the leading position of $f$

• $\deg(f) := \alpha_1$ as the degree of $f$.

Below we denote the submodule generated by polynomials $f_1, \ldots, f_n$ by $\langle f_1, \ldots, f_n \rangle$. There are several ways to define Gröbner bases; here we adopt the definition of [1] which requires us to first define the concept of "leading term submodule".

Definition 2.1 ([1]) Let $F$ be a subset of $\mathcal{R}[x]^q$. Then the submodule $L(F)$, defined as

$$L(F) := \langle \mathrm{lt}(f) \mid f \in F \rangle$$

is called the leading term submodule of $F$.

Definition 2.2 ([1]) Let $M \subseteq \mathcal{R}[x]^q$ be a module and $G \subseteq M$. Then $G$ is called a Gröbner basis of $M$ if

$$L(G) = L(M).$$

In order to define a concept of minimality we have the following definition. 

Definition 2.3 ([1, Def. 4.1.1]) Let $0 \neq f \in \mathcal{R}[x]^q$ and let $F = \{f_1, \ldots, f_s\}$ be a set of nonzero elements of $\mathcal{R}[x]^q$. Let $\alpha_{j_1}, \ldots, \alpha_{j_m} \in \mathbb{N}_0$ and $\beta_{j_1}, \ldots, \beta_{j_m}$ be nonzero distinct elements of $\mathcal{R}$, where $1 \le j_i \le s$ for $i = 1, \ldots, m$, such that

1. $\mathrm{lm}(f) = x^{\alpha_{j_i}} \mathrm{lm}(f_{j_i})$ for $i = 1, \ldots, m$ and

2. $\mathrm{lt}(f) = \beta_{j_1} x^{\alpha_{j_1}} \mathrm{lt}(f_{j_1}) + \cdots + \beta_{j_m} x^{\alpha_{j_m}} \mathrm{lt}(f_{j_m})$.

Define

$$h := f - \left( \beta_{j_1} x^{\alpha_{j_1}} f_{j_1} + \cdots + \beta_{j_m} x^{\alpha_{j_m}} f_{j_m} \right).$$

Then we say that $f$ reduces to $h$ modulo $F$ in one step and we write

$$f \longrightarrow h.$$

If $f$ cannot be reduced modulo $F$, we say that $f$ is minimal with respect to $F$.

Lemma 2.1 ([1, Lemma 4.1.3]) Let $f$, $h$ and $F$ be as in the above definition. If $f \longrightarrow h$ then $h = 0$ or $\mathrm{lm}(h) < \mathrm{lm}(f)$.

Definition 2.4 ([1]) A Gröbner basis $G$ is called minimal if all its elements $g$ are minimal with respect to $G \setminus \{g\}$.

Elements of a minimal Gröbner basis have the convenient property that all their leading monomials are different from each other. In the case that $\mathcal{R} = \mathbb{F}$ is a field, they have exactly $\dim(M)$ elements and exhibit another powerful property, see the next theorem which merely formulates a well known result.

Theorem 2.2 ([14]) Let $M$ be a submodule of $\mathbb{F}[x]^q$ with minimal Gröbner basis $G = \{g_1, \ldots, g_m\}$. Then for any $0 \neq f \in M$, written as

$$f = a_1 g_1 + \cdots + a_m g_m, \qquad (1)$$

where $a_1, \ldots, a_m \in \mathbb{F}[x]$, we have

$$\mathrm{lm}(f) = \max\,(\mathrm{lm}(a_i g_i)). \qquad (2)$$

Conform [2] we call the property of the above theorem the Predictable Leading Monomial (PLM) property. Note that this property involves not only degree information (as in the 'predictable degree property' first introduced in [7]) but also leading position information. The above theorem holds no matter which monomial ordering is chosen; here we only consider top or pot, but one could also employ reflected versions of top or pot, as in [14], or weighted versions of top or pot, as in [2].

The next corollary follows immediately from the above theorem.

Corollary 2.3 Let $M$ be a submodule of $\mathbb{F}[x]^2$ of dimension 2 with minimal Gröbner basis $G = \{g_1, g_2\}$. Suppose that $\mathrm{lpos}(g_2) = 2$. Then $g_2$ is the lowest degree vector in $M$ with 2 as leading position. A parametrization of all such lowest degree vectors $f$ is given by

$$f = a_2 g_2 + a_1 g_1,$$

with $0 \neq a_2 \in \mathbb{F}$ and the polynomial $a_1 \in \mathbb{F}[x]$ chosen such that $\mathrm{lm}(a_1 g_1) \le \mathrm{lm}(g_2)$.



Theorem 2.2 also leads to parametrizations of other types of minimal vectors in $M$. This is outlined in a general formulation in the next theorem.

Theorem 2.4 Let $M$ be a submodule of $\mathbb{F}[x]^q$ with minimal Gröbner basis $G = \{g_1, \ldots, g_m\}$. Let $\ell \in \{1, \ldots, m\}$ and let $\mathcal{P}$ be a property of $g_\ell$ that is absent in $\mathrm{span}_{i \neq \ell}\{g_i\}$. Then among all elements in $M$ with property $\mathcal{P}$, $g_\ell$ has minimal leading monomial. More specifically, a parametrization of all such elements is given by:

$$f = a_\ell g_\ell + \sum_{i \neq \ell} a_i g_i,$$

with $0 \neq a_\ell \in \mathbb{F}$ and for all $i \neq \ell$ the polynomials $a_i \in \mathbb{F}[x]$ chosen such that $\mathrm{lm}(a_i g_i) \le \mathrm{lm}(g_\ell)$.

Proof Suppose $f \in M$ has property $\mathcal{P}$ and has minimal leading monomial. Obviously we can write $f$ as a linear combination of $g_1, \ldots, g_m$. Because of the assumptions on $G$, it follows that this linear combination must use $g_\ell$. The parametrization now follows immediately from Theorem 2.2, that is, the PLM property of $G$. In particular, it follows that $\mathrm{lm}(f) = \mathrm{lm}(g_\ell)$, that is, $g_\ell$ has minimal leading monomial among all elements in $M$ with property $\mathcal{P}$.



Corollary 2.5 Let $M$ be a submodule of $\mathbb{F}[x]^2$ of dimension 2 with minimal Gröbner basis $G = \{g_1, g_2\}$, where $g_1 = [g_{11}\ g_{12}]$ and $g_2 = [g_{21}\ g_{22}]$. Suppose that $g_{12}(0) = 0$ and $g_{22}(0) \neq 0$. Then $g_2$ is the lowest degree vector in $M$ that satisfies $g_{22}(0) \neq 0$. More specifically, a parametrization of all lowest degree $f = [f_1\ f_2]$ in $M$ that satisfy $f_2(0) \neq 0$ is given by

$$f = a_2 g_2 + a_1 g_1,$$

with $0 \neq a_2 \in \mathbb{F}$ and the polynomial $a_1 \in \mathbb{F}[x]$ chosen such that $\mathrm{lm}(a_1 g_1) \le \mathrm{lm}(g_2)$.

Proof Define $f = [f_1\ f_2]$ to have property $\mathcal{P}$ if $f_2(0) \neq 0$. The result then follows immediately from the previous theorem.

We also have the following theorem, which merely reformulates the well-known result of [8] that the maximum degree of the full size minors of a row reduced polynomial matrix equals the sum of its row degrees, see also [2].

Theorem 2.6 Let $M$ be a module in $\mathbb{F}[x]^q$. Let $G = \{g_1, \ldots, g_m\}$ be a minimal Gröbner basis of $M$ with respect to the top ordering; denote the corresponding top degrees by $\ell_i := \deg g_i$ for $i = 1, \ldots, m$. Let $\tilde{G} = \{\tilde{g}_1, \ldots, \tilde{g}_m\}$ be a minimal Gröbner basis of $M$ with respect to the pot ordering; denote the corresponding pot degrees by $\tilde{\ell}_i := \deg \tilde{g}_i$ for $i = 1, \ldots, m$. Then

$$\sum_{i=1}^{m} \ell_i = \sum_{i=1}^{m} \tilde{\ell}_i. \qquad (3)$$

We call the sum in (3) the degree of $M$, denoted by $\deg(M)$.

3 Gröbner bases for modules in $\mathbb{Z}_{p^r}[x]^q$

In this section we turn our attention to the case where $\mathcal{R}$ is a finite ring of the form $\mathbb{Z}_{p^r}$ where $r$ is a positive integer and $p$ is a prime integer. For the sake of completeness we repeat several preliminaries from P] and [13].

3.1 Preliminaries on $\mathbb{Z}_{p^r}$

A set that plays a fundamental role in this section is the set of "digits", denoted by $\mathcal{A}_p = \{0, 1, \ldots, p-1\} \subset \mathbb{Z}_{p^r}$. Recall that any element $a \in \mathbb{Z}_{p^r}$ can be written uniquely as $a = \theta_0 + p\theta_1 + \cdots + p^{r-1}\theta_{r-1}$, where $\theta_\ell \in \mathcal{A}_p$ for $\ell = 0, \ldots, r-1$ (p-adic expansion).

Next, adopting terminology from [33], a scalar $a$ in $\mathbb{Z}_{p^r}$ is said to have order $k$ if the additive subgroup generated by $a$ has $p^k$ elements. Scalars of order $r$ are called units. Thus the scalars $1, p, p^2, \ldots, p^{r-1}$ have orders $r, r-1, r-2, \ldots, 1$, respectively. For any choice of monomial ordering (top or pot), we extend the above notion of "order" for scalars to polynomial vectors as follows.

Definition 3.1 The order of a nonzero polynomial vector $f \in \mathbb{Z}_{p^r}[x]^q$ is defined as the order of the scalar $\mathrm{lc}(f)$, denoted as $\mathrm{ord}(f)$.

To deal with zero divisors occurring in $\mathbb{Z}_{p^r}[x]^q$, it is useful to use notions defined in [12] of "p-linear dependence" and "p-generator sequence" (such notions were first introduced for "constant" modules, i.e., modules in $\mathbb{Z}_{p^r}^q$ in [26]).

Definition 3.2 ([12]) Let $\{v_1, \ldots, v_N\} \subset \mathbb{Z}_{p^r}[x]^q$. A p-linear combination of $v_1, \ldots, v_N$ is a vector $\sum_{j=1}^{N} a_j v_j$, where $a_j \in \mathcal{A}_p[x]$ for $j = 1, \ldots, N$. Furthermore, the set of all p-linear combinations of $v_1, \ldots, v_N$ is denoted by $p\text{-span}\{v_1, \ldots, v_N\}$, whereas the set of all linear combinations of $v_1, \ldots, v_N$ with coefficients in $\mathbb{Z}_{p^r}[x]$ is denoted by $\mathrm{span}\{v_1, \ldots, v_N\}$.

Definition 3.3 ([H]) An ordered sequence $(v_1, \ldots, v_N)$ of vectors in $\mathbb{Z}_{p^r}[x]^q$ is said to be a p-generator sequence if $p v_N = 0$ and $p v_i$ is a p-linear combination of $v_{i+1}, \ldots, v_N$ for $i = 1, \ldots, N-1$.

Theorem 3.1 ([12]) Let $v_1, \ldots, v_N \in \mathbb{Z}_{p^r}[x]^q$. If $(v_1, \ldots, v_N)$ is a p-generator sequence then

$$p\text{-span}\{v_1, \ldots, v_N\} = \mathrm{span}\{v_1, \ldots, v_N\}.$$

In particular, $p\text{-span}\{v_1, \ldots, v_N\}$ is a submodule of $\mathbb{Z}_{p^r}[x]^q$.

All submodules of $\mathbb{Z}_{p^r}[x]^q$ can be written as the p-span of a p-generator sequence. In fact, if $M = \mathrm{span}\{g_1, \ldots, g_m\}$ then $M$ is the p-span of the p-generator sequence

$$(g_1, p g_1, \ldots, p^{r-1} g_1, g_2, p g_2, \ldots, p^{r-1} g_2, \ldots, g_m, p g_m, \ldots, p^{r-1} g_m).$$

Definition 3.4 ([12]) The vectors $v_1, \ldots, v_N \in \mathbb{Z}_{p^r}[x]^q$ are said to be p-linearly independent if the only p-linear combination of $v_1, \ldots, v_N$ that equals zero is the trivial one.

Definition 3.5 ([12]) Let $M$ be a submodule of $\mathbb{Z}_{p^r}[x]^q$, written as the p-span of a p-generator sequence $(v_1, \ldots, v_N)$. Then $(v_1, \ldots, v_N)$ is called a p-basis of $M$ if the vectors $v_1, \ldots, v_N$ are p-linearly independent in $\mathbb{Z}_{p^r}[x]^q$.

For consistency with the field case, here we call the number of elements of a p-basis the p-dimension of $M$, denoted as $\mathrm{pdim}(M)$. The following definition adjusts the PLM property from the previous section to the specific structure of $\mathbb{Z}_{p^r}$.

Definition 3.6 ([2]) Let $M = p\text{-span}\{v_1, \ldots, v_N\}$ be a submodule of $\mathbb{Z}_{p^r}[x]^q$. Then $\{v_1, \ldots, v_N\}$ has the p-Predictable Leading Monomial (p-PLM) property if for any $0 \neq f \in M$, written as

$$f = a_1 v_1 + \cdots + a_N v_N, \qquad (4)$$

where $a_1, \ldots, a_N \in \mathcal{A}_p[x]$, we have

$$\mathrm{lm}(f) = \max\,(\mathrm{lm}(a_i v_i)).$$

Note that, in contrast to the field case of the previous section, the above definition requires $a_i \in \mathcal{A}_p[x]$ rather than $a_i \in \mathcal{R}[x]$.

The next theorem is the analogon of Theorem 2.4; we omit its proof as it is very similar to the proof of Theorem 2.4.

Theorem 3.2 Let $M = p\text{-span}\{v_1, \ldots, v_N\}$ be a submodule of $\mathbb{Z}_{p^r}[x]^q$. Assume that $\{v_1, \ldots, v_N\}$ has the p-PLM property. Let, for some $\ell \in \{1, \ldots, m\}$, $\mathcal{P}$ be a property of $v_\ell$ that is absent in p-linear combinations of the other $v_i$'s. Then among all elements in $M$ with property $\mathcal{P}$, $v_\ell$ has minimal leading monomial. More specifically, a parametrization of all such elements is given by:

$$f = a_\ell v_\ell + \sum_{i \neq \ell} a_i v_i,$$

with $0 \neq a_\ell \in \mathcal{A}_p$ and for all $i \neq \ell$ the polynomials $a_i \in \mathcal{A}_p[x]$ chosen such that $\mathrm{lm}(a_i v_i) \le \mathrm{lm}(v_\ell)$.

The above theorem gives rise to two corollaries. The first corollary is the ring analogon of Corollary 2.3.

Corollary 3.3 Let $M = p\text{-span}\{v_1, \ldots, v_{2r}\}$ be a submodule of $\mathbb{Z}_{p^r}[x]^2$. Assume that $\{v_1, \ldots, v_{2r}\}$ has the p-PLM property. Let $j^*$ be such that $\mathrm{lpos}(v_{j^*}) = 2$ and $\mathrm{ord}(v_{j^*}) = r$. Then $v_{j^*}$ is the lowest degree vector in $M$ that has order $r$ and leading position 2. A parametrization of all such lowest degree vectors $f$ is given by

$$f = a v_{j^*} + \sum_{i \in \{1, \ldots, 2r\} \setminus \{j^*\}} a_i v_i,$$

with $0 \neq a \in \mathcal{A}_p$ and for all $i \neq j^*$ the polynomials $a_i \in \mathcal{A}_p[x]$ chosen such that $\mathrm{lm}(a_i v_i) \le \mathrm{lm}(v_{j^*})$.

Proof Clearly all vectors in $\{v_1, \ldots, v_{2r}\}$ must have either different orders or different leading position, for otherwise the p-PLM property would not hold. In particular, this implies that $j^*$ is unique. Now define $f$ to have property $\mathcal{P}$ if $\mathrm{ord}\, f = r$ and $\mathrm{lpos}(f) = 2$. It follows that this property is absent in p-linear combinations of the $v_i$'s with $i \in \{1, \ldots, 2r\} \setminus \{j^*\}$. The result now follows from Theorem 3.2.

The next corollary is the ring analogon of Corollary 2.5.



Corollary 3.4 Let $M = p\text{-span}\{v_1, \ldots, v_{2r}\}$ be a submodule of $\mathbb{Z}_{p^r}[x]^2$. Assume that $\{v_1, \ldots, v_{2r}\}$ has the p-PLM property and write $v_i = [v_{i1}\ v_{i2}]$ for $i = 1, \ldots, 2r$. Also assume that

$$v_{i2}(0) = 0 \text{ for } i = 1, \ldots, r \quad \text{and} \quad \mathrm{ord}\, v_{i2}(0) = 2r - i + 1 \text{ for } i = r+1, \ldots, 2r. \qquad (5)$$

Then a parametrization of all lowest degree $f = [f_1\ f_2]$ in $M$ with $\mathrm{ord}\, f_2(0) = r$ is given by

$$f = a_{r+1} v_{r+1} + \sum_{i \neq r+1} a_i v_i,$$

with $0 \neq a_{r+1} \in \mathcal{A}_p$ and for all $i \neq r+1$ the polynomials $a_i \in \mathcal{A}_p[x]$ chosen such that $\mathrm{lm}(a_i v_i) \le \mathrm{lm}(v_{r+1})$.

Proof Define $f = [f_1\ f_2]$ to have property $\mathcal{P}$ if $\mathrm{ord}\, f_2(0) = r$, that is, $f_2(0)$ is a unit. The result now follows immediately from Theorem 3.2.

The question arises whether p-bases with the p-PLM property exist. The affirmative answer is provided by the next theorem from [13] which is the ring analogon of Theorem 2.2; the theorem shows that the natural ordering of elements of a minimal Gröbner basis gives rise to a p-basis with the p-PLM property.



Theorem 3.5 ([14]) Let $M$ be a submodule of $\mathbb{Z}_{p^r}[x]^q$ with minimal Gröbner basis $G = \{g_1, \ldots, g_m\}$, ordered so that $\mathrm{lm}(g_1) > \cdots > \mathrm{lm}(g_m)$. For $1 \le j \le m$ define

$$\beta_j := \mathrm{ord}(g_j) - \mathrm{ord}(g_i),$$

where $i$ is the smallest integer $> j$ with $\mathrm{lpos}(g_i) = \mathrm{lpos}(g_j)$. If $i$ does not exist we define $\beta_j := \mathrm{ord}(g_j)$. Then $N = \mathrm{pdim}(M) = \beta_1 + \beta_2 + \cdots + \beta_m$ and the sequence $V$ given as

$$V = (g_1, p g_1, \ldots, p^{\beta_1 - 1} g_1, g_2, p g_2, \ldots, p^{\beta_2 - 1} g_2, \ldots, g_m, p g_m, \ldots, p^{\beta_m - 1} g_m)$$

is a p-basis of $M$ that has the p-PLM property.

Conform [13] we call $V$ a minimal Gröbner p-basis of $M$. Note that the degrees of vectors in $V$ are nonincreasing.



4 Iterative algorithm 



Let $\mathcal{R}$ be a noetherian ring, as in the previous sections. Consider a sequence $S_1, \ldots, S_N$ over $\mathcal{R}$. A polynomial $\Lambda(x) = \Lambda_0 + \Lambda_1 x + \cdots + \Lambda_L x^L \in \mathcal{R}[x]$, with $\Lambda_0$ a unit, is called a feedback polynomial of length $L$ if

$$\Lambda_0 S_{L+j} + \sum_{i=1}^{L} \Lambda_i S_{L+j-i} = 0 \quad \text{for } j = 1, \ldots, N - L.$$

Note that $\Lambda_L$ may be zero. Now consider the module $M$ in $\mathcal{R}[x]^2$ defined as the rowspace of

$$\begin{bmatrix} x^{N+1} & 0 \\ -(S_N x^N + S_{N-1} x^{N-1} + \cdots + S_1 x) & 1 \end{bmatrix}. \qquad (6)$$

We seek to find a lowest top degree vector $[\gamma(x)\ \Lambda(x)]$ in $M$ for which $\Lambda(0)$ is a unit. In terms of trajectories this vector can be interpreted as an annihilator: we have $[-\gamma(\sigma)\ \Lambda(\sigma)]\,\mathbf{b} = 0$, where $\sigma$ is the forward shift operator and $\mathbf{b} : \mathbb{Z}_- \to \mathcal{R}^2$ is given by

$\mathbf{b} :=$ [sequence of column vectors garbled in the extracted text; the surviving entries are $1$, $S_1$ and $S_2$]    (7)



Our objective in this paper is to develop an iterative algorithm to construct feedback polynomials of shortest length. This length is called the complexity of the sequence. We require the algorithm to construct, at each step $k$, an annihilator for $\sigma^{N-k}\mathbf{b}$ of lowest top degree.

Remark 4.1 Note that the requirement to process $S_1, \ldots, S_k$ at step $k$ (rather than $S_N, \ldots, S_{N-k+1}$) necessitates our formulation in terms of "feedback polynomial" $\Lambda$, rather than its reciprocal version, denoted as $d$ in [13]. In this paper we call $d$ a characteristic polynomial of the sequence $S_1, \ldots, S_N$; the degree of a minimal characteristic polynomial equals the complexity of the sequence. Thus, a polynomial $d$ written as $d(x) = d_L x^L + \cdots + d_0$ is a characteristic polynomial of $S_1, \ldots, S_N$ if $d_L$ is a unit and

$$d_L S_{L+j} + \sum_{i=1}^{L} d_{L-i} S_{L+j-i} = 0 \quad \text{for } j = 1, \ldots, N - L.$$

Consider the reciprocal module $M^{\mathrm{rec}}$ in $\mathcal{R}[x]^2$, defined as the rowspace of

$$\begin{bmatrix} x^{N+1} & 0 \\ -(S_1 x^N + S_2 x^{N-1} + \cdots + S_N x) & 1 \end{bmatrix}. \qquad (8)$$

It is easily verified that a minimal characteristic polynomial $d$ for $S_1, \ldots, S_N$ is found in any vector $[h\ d]$ in $M^{\mathrm{rec}}$ of leading position 2 that has minimal leading monomial, see [2]. Note that, by definition, whenever $\Lambda_L$ is a unit, a feedback polynomial $\Lambda(x) = \Lambda_0 + \Lambda_1 x + \cdots + \Lambda_L x^L$ of length $L$ for a sequence $S_1, \ldots, S_N$ also serves as a characteristic polynomial of the reciprocal sequence $S_N, \ldots, S_1$; such a polynomial is called bidirectional as in [25], see also [23].

4.1 The field case 

In this subsection we focus on the case that $\mathcal{R}$ is a field $\mathbb{F}$. Note that $\mathbb{F}$ is not required to be finite. The Berlekamp-Massey algorithm is a famous iterative algorithm that constructs a feedback polynomial of shortest length for a sequence $S_1, \ldots, S_N$ in $\mathbb{F}$. It processes a new data element $S_k$ at each step $k$ for $k = 1, \ldots, N$ and then produces a feedback polynomial of shortest length for $S_1, \ldots, S_k$. In this subsection we present an algorithm that is identical to the Berlekamp-Massey algorithm apart from a slight modification of the update rule. Due to this modification, our algorithm iteratively constructs a minimal Gröbner basis at each step. The algorithm shares several useful properties with the Berlekamp-Massey algorithm, namely that it processes the data in a natural order and that it allows us to read off the solution at once. A closer inspection shows that the algorithm of [6] is practically identical to our algorithm. Our formulation is different however, using $2 \times 2$ polynomial matrices, as in Berlekamp's original work [3], see also its formulation in the textbook 0]. This formulation facilitates explicit use of the PLM property yielding a parametrization of all solutions as well as a result on the reciprocal sequence, see Theorem 4.5 below. Furthermore, this formulation facilitates an extension to sequences over the finite ring $\mathbb{Z}_{p^r}$, presented in subsection 4.2 below. This extension proves nontrivial as it involves a careful use of the minimal Gröbner p-bases of the previous section.

In this subsection we focus on modules in $\mathbb{F}[x]^q$, where $\mathbb{F}$ is a field. In section 2 minimal Gröbner bases were defined; they can be computed for any module using computational packages such as Singular. Here we will not use such packages; instead we iteratively construct minimal Gröbner bases in a computationally efficient way. In order to be able to do this we first need to answer the following question: given a set of vectors in $M$, how do we recognize this set as a minimal Gröbner basis? The next theorem considers the special case in which $M$ is a full rank module; the theorem holds for either top or pot monomial ordering and uses the definition of a module's "degree" following from Theorem 2.6.

Theorem 4.2 Let $M \subseteq \mathbb{F}[x]^q$ be a module of dimension $q$ and degree $\delta$ and let $G = \{g_1(x), \ldots, g_q(x)\} \subset M$. Then $G$ is a minimal Gröbner basis of $M$ if and only if the following two conditions hold:

1. $\sum_{i=1}^{q} \deg g_i = \delta$;

2. all leading positions of the vectors $g_1(x), \ldots, g_q(x)$ are different.

Proof Let $\tilde{G} = \{\tilde{g}_1, \ldots, \tilde{g}_q\}$ be a minimal Gröbner basis of $M$, ordered as $\mathrm{lm}(\tilde{g}_1) > \mathrm{lm}(\tilde{g}_2) > \cdots > \mathrm{lm}(\tilde{g}_q)$. Let $i \in \{1, \ldots, q\}$. It is obvious that all leading positions of $\tilde{g}_1(x), \ldots, \tilde{g}_q(x)$ are different. Without restrictions we may therefore assume that $\tilde{g}_i$ and $g_i$ have the same leading position. The predictable leading monomial property of $\tilde{G}$ (see Theorem 2.2) now implies that $g_i$ is a linear combination of $\tilde{g}_1, \ldots, \tilde{g}_q$ that uses $\tilde{g}_i$ and it follows that $\mathrm{lm}(g_i) \ge \mathrm{lm}(\tilde{g}_i)$. Since $g_i$ and $\tilde{g}_i$ have the same leading position, this implies that $\deg g_i \ge \deg \tilde{g}_i$. Consequently, by condition 1) of the theorem

$$\delta = \sum_{i=1}^{q} \deg g_i \ge \sum_{i=1}^{q} \deg \tilde{g}_i = \delta,$$

so that it follows that $\deg g_i = \deg \tilde{g}_i$ for $i = 1, \ldots, q$. We also conclude that $\mathrm{lt}(g_i) = a_i\, \mathrm{lt}(\tilde{g}_i)$ for some $0 \neq a_i \in \mathbb{F}$ for $i = 1, \ldots, q$. As a result $L(G) = L(\tilde{G}) = L(M)$, so that, by Definition 2.2, $G$ is a Gröbner basis for $M$. Furthermore, clearly $G$ cannot be reduced, so that $G$ is a minimal Gröbner basis for $M$.

In the next algorithm the unit vectors $e_1$ and $e_2$ are defined as $e_1 := [1\ 0]$ and $e_2 := [0\ 1]$; the two rows of the matrix $R^k$ are denoted by $g_1^k$ and $g_2^k$, respectively. Recall that $\sigma$ denotes the forward shift operator.

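Algorithm 4.3 Input data: $S_1, \ldots, S_N$.
Initialization: Define

$$R^0(x) := \begin{bmatrix} x & 0 \\ 0 & 1 \end{bmatrix}.$$

Proceed iteratively as follows for $k = 1, \ldots, N$.

• Define the error trajectory

$$\mathbf{e}_k := (\ldots, 0, 0, \Delta^k) := R^{k-1}(\sigma)\,\mathbf{b}_k,$$

where $\mathbf{b}_k$ is given as $\mathbf{b}_k := \sigma^{N-k}\mathbf{b}$, with $\mathbf{b}$ given by (7).

• Denote $\Delta^k = [\Delta_1^k\ \ \Delta_2^k]^T$.

• Define $\mathcal{P}^k := \{i \in \{1, 2\} : \Delta_i^k \neq 0\}$.

• Define $i^* := \arg\min_{i \in \mathcal{P}^k} \{\mathrm{lm}(g_i^{k-1})\}$.

• Define the update matrix $E^k(x) := \dfrac{x}{\Delta_{i^*}^k}\, e_1^T e_{i^*} + e_2^T\left(-\Delta_2^k e_1 + \Delta_1^k e_2\right)$.

• Define $R^k(x) := E^k(x) R^{k-1}(x)$.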

Output: $R(x) := R^N(x)$.

Lemma 4.4 Let $S_1, \ldots, S_N$ be a sequence over a field $\mathbb{F}$ and let $k \in \{0, \ldots, N\}$. Let $R^k$ be the matrix obtained by applying Algorithm 4.3 to $S_1, \ldots, S_k$. Denote the two rows of $R^k$ by $g_1^k := [g_{11}^k\ g_{12}^k]$ and $g_2^k := [g_{21}^k\ g_{22}^k]$. Then, with respect to the top monomial ordering:

i) $\deg g_1^k + \deg g_2^k = k + 1$
ii) $\mathrm{lpos}(g_1^k) \neq \mathrm{lpos}(g_2^k)$
iii) $g_1^k(0) = [0\ 0]$ and $g_{22}^k(0) = 1$
iv) $\Delta_1^{k+1} = 1$
v) $R^k(\sigma)\,\mathbf{b}_k = 0$

Proof Clearly the lemma holds for $k = 0$. Let us now proceed by induction and assume that the lemma holds for some $k \in \{0, 1, \ldots, N-1\}$. To prove (iv) we observe that, by definition, $g_1^{k+1}(x) = \frac{x}{\Delta_1^{k+1}}\, g_1^k(x)$ if $i^* = 1$, or $g_1^{k+1}(x) = \frac{x}{\Delta_2^{k+1}}\, g_2^k(x)$ if $i^* = 2$. Thus, if $i^* = 1$ then

$$g_1^{k+1}(\sigma)\,\mathbf{b}_{k+2} = \frac{1}{\Delta_1^{k+1}}\, g_1^k(\sigma)\,\sigma\mathbf{b}_{k+2} = \frac{1}{\Delta_1^{k+1}}\, g_1^k(\sigma)\,\mathbf{b}_{k+1} = \frac{1}{\Delta_1^{k+1}}\,(\ldots, 0, 0, \Delta_1^{k+1}) = (\ldots, 0, 0, 1),$$

in other words $\Delta_1^{k+2} = 1$. Similarly, if $i^* = 2$ then also $g_1^{k+1}(\sigma)\,\mathbf{b}_{k+2} = (\ldots, 0, 0, 1)$, so that also in this case $\Delta_1^{k+2} = 1$. To prove (v), observe that $R^{k+1}(x) := E^{k+1}(x) R^k(x)$ so that $R^{k+1}(\sigma)\,\mathbf{b}_{k+1} = E^{k+1}(\sigma) R^k(\sigma)\,\mathbf{b}_{k+1} = E^{k+1}(\sigma)\,\mathbf{e}_{k+1}$ equals the zero trajectory by definition of $E^{k+1}$. Thus (v) holds. Further, using again the definition of $E^{k+1}$ as well as the induction hypotheses, it follows that (i)-(iii) hold. Thus all properties hold for $k + 1$ and this proves the lemma by induction.



Theorem 4.5 Let $S_1, \ldots, S_N$ be a sequence over a field $\mathbb{F}$ and let $R$ be the matrix obtained by applying Algorithm 4.3 to $S_1, \ldots, S_N$. Denote the two rows of $R$ by $g_1 = [g_{11}\ g_{12}]$ and $g_2 = [g_{21}\ g_{22}]$; denote $\tilde{L} := \deg g_1$ and $L := \deg g_2$ with respect to the top monomial ordering. Then the complexity of the sequence equals $L$ and $g_{22}$ is a feedback polynomial of shortest length $L$. More specifically, a parametrization of all shortest length feedback polynomials is given by

$$a g_{22} + b g_{12}, \qquad (9)$$

where $0 \neq a \in \mathbb{F}$ and $b \in \mathbb{F}[x]$ such that $\deg b \le L - \tilde{L}$.

Furthermore, if $\mathrm{lpos}(g_2) = 2$ then the feedback polynomial $g_{22}$ is bidirectional and also parametrizes all bidirectional minimal characteristic polynomials of the reciprocal sequence $S_N, \ldots, S_1$. Otherwise, i.e. if $\mathrm{lpos}(g_2) = 1$ then the complexity of the reciprocal sequence $S_N, \ldots, S_1$ equals $\tilde{L}$ and $g_{12}$ is a minimal characteristic polynomial of $S_N, \ldots, S_1$. More specifically, a parametrization of all minimal characteristic polynomials of $S_N, \ldots, S_1$ is given by

$$a g_{12} + b g_{22}, \qquad (10)$$

where $0 \neq a \in \mathbb{F}$ and $b \in \mathbb{F}[x]$ such that $\deg b \le \tilde{L} - L$. In particular, any choice of $b \in \mathbb{F}[x]$ such that $\deg b \le \tilde{L} - L$ and $b(0) \neq 0$ gives a bidirectional minimal characteristic polynomial of $S_N, \ldots, S_1$.



Proof Let $M$ be defined as the row space of (6). From Theorem 4.2 and (i) and (ii) of the previous lemma, it follows that for all $k \in \{0, \ldots, N\}$ the set $\{g_1^k, g_2^k\}$ is a minimal Gröbner basis for the row space of

$$\begin{bmatrix} x^{k+1} & 0 \\ -(S_k x^k + S_{k-1} x^{k-1} + \cdots + S_1 x) & 1 \end{bmatrix}.$$

The theorem now follows immediately from Corollary 2.5. The statements on the reciprocal sequence follow immediately from Remark 4.1 and Corollary 2.3 (note that $\mathrm{lpos}(g_2) = 1$ implies that $\mathrm{lpos}(g_1) = 2$).



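Example 4.6 Consider the sequence $S_1, S_2, S_3, S_4, S_5 = 4, 0, 4, 4, 2$ over the field $\mathbb{Z}_5$. Application of Algorithm 4.3 yields:

$$R^0(x) = \begin{bmatrix} x & 0 \\ 0 & 1 \end{bmatrix}$$

$$\Delta^1 = [1\ \ 4]^T,\quad \mathcal{P}^1 = \{1, 2\},\quad i^* = 2,\quad R^1(x) = \begin{bmatrix} 0 & 4x \\ 1 & 1 \end{bmatrix} R^0(x) = \begin{bmatrix} 0 & 4x \\ x & 1 \end{bmatrix}$$

$$\Delta^2 = [1\ \ 0]^T,\quad \mathcal{P}^2 = \{1\},\quad i^* = 1,\quad R^2(x) = \begin{bmatrix} x & 0 \\ 0 & 1 \end{bmatrix} R^1(x) = \begin{bmatrix} 0 & 4x^2 \\ x & 1 \end{bmatrix}$$

$$\Delta^3 = [1\ \ 4]^T,\quad \mathcal{P}^3 = \{1, 2\},\quad i^* = 2,\quad R^3(x) = \begin{bmatrix} 0 & 4x \\ 1 & 1 \end{bmatrix} R^2(x) = \begin{bmatrix} 4x^2 & 4x \\ x & 4x^2 + 1 \end{bmatrix}$$

$$\Delta^4 = [1\ \ 4]^T,\quad \mathcal{P}^4 = \{1, 2\},\quad i^* = 1,\quad R^4(x) = \begin{bmatrix} x & 0 \\ 1 & 1 \end{bmatrix} R^3(x) = \begin{bmatrix} 4x^3 & 4x^2 \\ 4x^2 + x & 4x^2 + 4x + 1 \end{bmatrix}$$

$$\Delta^5 = [1\ \ 4]^T,\quad \mathcal{P}^5 = \{1, 2\},\quad i^* = 2,\quad R^5(x) = \begin{bmatrix} 0 & 4x \\ 1 & 1 \end{bmatrix} R^4(x) = \begin{bmatrix} x^3 + 4x^2 & x^3 + x^2 + 4x \\ 4x^3 + 4x^2 + x & 3x^2 + 4x + 1 \end{bmatrix}$$

By the above theorem, the complexity of the sequence equals $L = 3$ and $3x^2 + 4x + 1$ is a shortest length feedback polynomial. The complexity of the reciprocal sequence $2, 4, 4, 0, 4$ equals $\tilde{L} = 3$ and $x^3 + x^2 + 4x$ serves as a minimal characteristic polynomial of $2, 4, 4, 0, 4$. From the parametrization (10) we see that there is only one monic bidirectional minimal characteristic polynomial with value 1 at $x = 0$, namely $(x^3 + x^2 + 4x) + (3x^2 + 4x + 1) = x^3 + 4x^2 + 3x + 1$.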
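Algorithm 4.3 and Theorem 4.5 can be checked mechanically against Example 4.6. The Python code below is an added illustration, not code from the paper: it stores each row $[\gamma\ \Lambda]$ as a pair of coefficient lists (lowest degree first), takes the update as "row 1 becomes $x/\Delta_{i^*}$ times row $i^*$" (the rule used in the proof of Lemma 4.4) and "row 2 becomes $\Delta_1 g_2 - \Delta_2 g_1$" (an assumption that reproduces the matrices of Example 4.6), and reads the bound in (9) as $\deg b \le L - \tilde{L}$. All function names are illustrative, and the parametrization is compared with a brute-force search over $\mathbb{Z}_p$.

```python
from itertools import product

def trim(f):
    """Drop trailing zeros; the zero polynomial is the empty list."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f

def add(f, g, p):
    n = max(len(f), len(g))
    return trim((a + b) % p for a, b in
                zip(f + [0] * (n - len(f)), g + [0] * (n - len(g))))

def scale(c, f, p):
    return trim((c * a) % p for a in f)

def mul(f, g, p):
    out = [0] * max(len(f) + len(g) - 1, 0)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)

def lead(row):
    """(degree, leading position) of [gamma, lam]; tuple order = top ordering."""
    d = max(len(row[0]), len(row[1])) - 1
    return (d, 2 if len(row[1]) - 1 == d else 1)

def discrepancy(row, S, k, p):
    """Coefficient of x^k in gamma + lam * (S_1 x + ... + S_k x^k)."""
    gamma, lam = row
    c = gamma[k] if k < len(gamma) else 0
    return (c + sum(l * S[k - i - 1] for i, l in enumerate(lam) if i < k)) % p

def algorithm_4_3(S, p):
    """Return rows g1, g2 of R^N and the per-step (Delta_1, Delta_2, i*)."""
    g1, g2 = ([0, 1], []), ([], [1])            # R^0 = [[x, 0], [0, 1]]
    steps = []
    for k in range(1, len(S) + 1):
        rows = {1: g1, 2: g2}
        delta = {i: discrepancy(rows[i], S, k, p) for i in rows}
        # P^k is never empty: Lemma 4.4 (iv) gives Delta_1 = 1 at every step.
        istar = min((i for i in rows if delta[i]), key=lambda i: lead(rows[i]))
        inv = pow(delta[istar], -1, p)           # p prime, so Z_p is a field
        new_g1 = tuple([0] + scale(inv, f, p) if f else [] for f in rows[istar])
        # Assumed row-2 update: Delta_1 * g2 - Delta_2 * g1 kills the error.
        new_g2 = tuple(add(scale(delta[1], b, p), scale(-delta[2], a, p), p)
                       for a, b in zip(g1, g2))
        g1, g2 = new_g1, new_g2
        steps.append((delta[1], delta[2], istar))
    return g1, g2, steps

def is_feedback(lam, L, S, p):
    """Definition of a feedback polynomial of length L (Lambda_0 a unit)."""
    lam = list(lam) + [0] * (L + 1 - len(lam))
    if len(lam) != L + 1 or lam[0] % p == 0:
        return False
    return all(sum(lam[i] * S[L + j - i - 1] for i in range(L + 1)) % p == 0
               for j in range(1, len(S) - L + 1))

def parametrized(g1, g2, p):
    """All a*g22 + b*g12 with a != 0 and deg b <= L - Ltilde, as in (9)."""
    L, Lt = lead(g2)[0], lead(g1)[0]
    out = set()
    for a in range(1, p):
        for b in product(range(p), repeat=max(L - Lt + 1, 0)):
            f = add(scale(a, g2[1], p), mul(list(b), g1[1], p), p)
            out.add(tuple(f + [0] * (L + 1 - len(f))))
    return out

def brute_force(L, S, p):
    """Every feedback polynomial of length L, by exhaustive search."""
    return {lam for lam in product(range(p), repeat=L + 1)
            if is_feedback(lam, L, S, p)}

if __name__ == "__main__":
    S, p = [4, 0, 4, 4, 2], 5                    # sequence of Example 4.6
    g1, g2, steps = algorithm_4_3(S, p)
    L = lead(g2)[0]
    print("steps (Delta_1, Delta_2, i*):", steps)
    print("g1 =", g1, " g2 =", g2, " L =", L)
    print("(9) equals brute force:", parametrized(g1, g2, p) == brute_force(L, S, p))
```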

Remark 4.7 The earlier paper [15] formulates the Berlekamp-Massey algorithm in a similar format as Algorithm 4.3. From this it is clear that Algorithm 4.3 differs from the Berlekamp-Massey algorithm only in the definition of $i^*$. More precisely, in the Berlekamp-Massey algorithm $i^*$ equals the largest integer $i$ in $\mathcal{P}^k$ such that $g_i^{k-1}$ has minimal degree. Application of the Berlekamp-Massey algorithm in the above example gives the same first three steps leading to

$$R^3(x) = \begin{bmatrix} 4x^2 & 4x \\ x & 4x^2 + 1 \end{bmatrix}.$$

However, the next two steps give a different result:

$$\Delta^4 = [1\ \ 4]^T,\quad \mathcal{P}^4 = \{1, 2\},\quad i^* = 2,\quad R^4(x) = \begin{bmatrix} 0 & 4x \\ 1 & 1 \end{bmatrix} R^3(x) = \begin{bmatrix} 4x^2 & x^3 + 4x \\ 4x^2 + x & 4x^2 + 4x + 1 \end{bmatrix}$$

$$\Delta^5 = [1\ \ 4]^T,\quad \mathcal{P}^5 = \{1, 2\},\quad i^* = 2,\quad R^5(x) = \begin{bmatrix} 0 & 4x \\ 1 & 1 \end{bmatrix} R^4(x) = \begin{bmatrix} x^3 + 4x^2 & x^3 + x^2 + 4x \\ 3x^2 + x & x^3 + 4x^2 + 3x + 1 \end{bmatrix}$$

In particular we see that here the rows of $R^4$ do not constitute a minimal Gröbner basis, since both rows have leading position 2. Similarly, the rows of $R^5$ do not constitute a minimal Gröbner basis. Thus this example illustrates a main difference between the Berlekamp-Massey algorithm and our Algorithm 4.3: by keeping track of leading position information, our algorithm produces a minimal Gröbner basis, whereas the Berlekamp-Massey algorithm does not necessarily produce a minimal Gröbner basis since it only keeps track of degree information. The advantage of the Gröbner formulation is that it allows for a transparent extension to the ring case, as detailed in the next subsection.



4.2 The ring case 

In this subsection we present our main result which is an algorithm that extends the algorithm from the previous subsection to the ring case. We focus on a finite sequence $S_1, \ldots, S_N$ from $\mathbb{Z}_{p^r}$ and seek to construct a feedback polynomial of shortest length (including parametrization) by iteratively processing the data in the natural order $S_1, \ldots, S_N$. Again our key object of interest is the module $M$ defined as the row space of (6). Our algorithm constructs a $2r \times 2$ polynomial matrix $R$ whose rows are a p-basis for $M$ that has the p-PLM property.

In the next algorithm the $2r$ rows of the matrix $R^k$ are denoted by $v_1^k, \ldots, v_{2r}^k$.



Algorithm 4.8 Input data: Si,..., Sn- 
Initialization: Define 



R°(x) : 

Proceed iteratively as follows for k = 1, 

• Define the error trajectory 



r—l 
p X 




1 

rf-1 



.,N. 



e fc := (...,0,0,A fc ) := JJ*-»b fc , 
where bfe is given as := o~ N ~ k b, with b given by 



• Denote A fe = [ A k 
for i= 1,2,..., 2r. 



A 



and let 9f be a unit and £f € {1, . . . , r} such that Af = 



fc„C-i 



• De/me "P£ :={ie{l,..., 2r} : Af = 0}. 

• For j = l,...,r, define V* := {i € {1, . . . , 2r} : = j}. 

• Define i* as the largest index i in V k for which lm(tij ) is minimal. 

• Define the update matrix E k (x) as 



E k (x) := E^+E 



• Define $R^k(x) := E^k(x) R^{k-1}(x)$.
Output: $R(x) := R^N(x)$.



Lemma 4.9 Let $S_1, \dots, S_N$ be a sequence over $\mathbb{Z}_{p^r}$ and let $k \in \{0, \dots, N\}$. Let $R^k$ be the matrix obtained by applying Algorithm 4.8 to $S_1, \dots, S_k$. Denote the rows of $R^k$ by $v_1^k, \dots, v_{2r}^k$; denote $v_j^k := [v_{j1}^k \;\; v_{j2}^k]$ for $j = 1, \dots, 2r$. Then, with respect to the top monomial ordering:

i) $\deg v_1^k + \dots + \deg v_{2r}^k = r(k+1)$

ii) if $i, j \in \{1, \dots, 2r\}$ with $i \neq j$ then $\mathrm{lpos}(v_i^k) = \mathrm{lpos}(v_j^k) \implies \mathrm{ord}(v_i^k) \neq \mathrm{ord}(v_j^k)$

iii) $\Delta_j^{k+1} = p^{j-1}$ for $j = 1, \dots, r$

iv) $R^k(\sigma) b_k = 0$

Proof Clearly the lemma holds for $k = 0$. Let us now proceed by induction and assume that the lemma holds for some $k \in \{0, 1, \dots, N-1\}$. To prove (iii), let $j \in \{1, \dots, r\}$. By definition, $v_j^{k+1}(x) = \frac{1}{\theta_j^{k+1}} x v_j^k(x)$ if $i_j^* = j$ and $v_j^{k+1}(x) = \frac{1}{\theta_{i_j^*}^{k+1}} x v_{i_j^*}^k(x)$ otherwise. Thus in case $i_j^* = j$ we have

$$v_j^{k+1}(\sigma) b_{k+2} = \frac{1}{\theta_j^{k+1}} v_j^k(\sigma) \sigma b_{k+2} = \frac{1}{\theta_j^{k+1}} v_j^k(\sigma) b_{k+1} = (\dots, 0, 0, p^{j-1}).$$

In case $i_j^* \neq j$ it follows in an entirely similar way that $v_j^{k+1}(\sigma) b_{k+2} = (\dots, 0, 0, p^{j-1})$. Thus (iii) holds.
To prove (iv), note that $R^{k+1}(\sigma) b_{k+1} = E^{k+1}(\sigma) R^k(\sigma) b_{k+1} = E^{k+1}(\sigma) e_{k+1}$ equals the zero trajectory by definition of $E^{k+1}$. In other words, (iv) holds. By definition, in the update operation $R^{k+1} = E^{k+1} R^k$ the degrees of exactly $r$ rows of $R^k$ are increased by 1, so that (i) holds by induction. Similarly, it is easily seen from the definition of $E^{k+1}$ that (ii) holds by induction.



Lemma 4.10 Let $S_1, \dots, S_N$ be a sequence over $\mathbb{Z}_{p^r}$, let $M$ be the module defined as the row space
of Q). Let $R$ be the matrix obtained by applying Algorithm 4.8 to $S_1, \dots, S_N$. Denote the rows of $R$ by
$v_1, \dots, v_{2r}$. Then $\{v_1, \dots, v_{2r}\}$ is a $p$-basis of $M$ that has the $p$-PLM property.



Proof Let $V = (w_1, \dots, w_{2r})$ be a minimal Gröbner $p$-basis of $M$, as defined in Theorem 3.5. Note that, by definition,

$$\mathrm{lm}(w_{i+1}) \leq \mathrm{lm}(w_i) \quad \text{for } i = 1, \dots, 2r-1 \qquad (11)$$

and for $i < j$ we have

$$\mathrm{lm}(w_i) = \mathrm{lm}(w_j) \implies \mathrm{ord}(w_i) > \mathrm{ord}(w_j). \qquad (12)$$

As a result, defining $G_1 := \{w \in V \mid \mathrm{lpos}(w) = 1\}$ and $G_2 := \{w \in V \mid \mathrm{lpos}(w) = 2\}$, there exists a bijection $\phi : G_1 \to G_2$ such that $\mathrm{ord}(\phi(w)) = r + 1 - \mathrm{ord}(w)$ for all $w \in G_1$. Clearly $\deg \det \mathrm{col}(w, \phi(w)) = \deg w + \deg \phi(w)$ for all $w \in G_1$. On the other hand,

$$\mathrm{col}(w, \phi(w)) = U(x) \begin{bmatrix} x^{N+1} & 0 \\ -(S_N x^N + S_{N-1} x^{N-1} + \dots + S_1 x) & 1 \end{bmatrix}$$

for some polynomial matrix $U(x)$, so that $\deg w + \deg \phi(w) \geq N + 1$ for all $w \in G_1$. As a result,

$$\sum_{i=1}^{2r} \deg w_i \geq r(N+1). \qquad (13)$$

Let us now examine $\{v_1, \dots, v_{2r}\}$, where $v_1, \dots, v_{2r}$ are the rows of $R$. It follows from Lemma 4.9 (ii) that, for $j = 1, 2$, there are $r$ vectors in $\{v_1, \dots, v_{2r}\}$ of leading position $j$ that each have a different order. This implies that there exists a permutation $g$ on $\{1, 2, \dots, 2r\}$, such that $\mathrm{lpos}(v_{g(i)}) = \mathrm{lpos}(w_i)$ and $\mathrm{ord}(v_{g(i)}) = \mathrm{ord}(w_i)$ for $i = 1, \dots, 2r$. Also, can be expressed as a $p$-linear combination of the $w_j$'s. By Theorem 3.5 the sequence $(w_1, \dots, w_{2r})$ has the $p$-PLM property, so that this linear combination must involve $w_i$ and it follows that $\mathrm{lm}(v_{g(i)}) \geq \mathrm{lm}(w_i)$. Since we are using the top monomial ordering, this implies that $\deg(v_{g(i)}) \geq \deg(w_i)$. It now follows from (13) and Lemma 4.9 (i) that equality must hold, that is, $\deg(v_{g(i)}) = \deg(w_i)$ for $i = 1, \dots, 2r$. In summary we thus have for $i = 1, \dots, 2r$

$$\mathrm{lm}(v_{g(i)}) = \mathrm{lm}(w_i) \quad \text{and} \quad \mathrm{ord}(v_{g(i)}) = \mathrm{ord}(w_i). \qquad (14)$$

We next prove by induction that $(v_{g(1)}, \dots, v_{g(2r)})$ is a $p$-generator sequence whose $p$-span equals $M$. First ($i = 2r$) we observe that we must have $v_{g(2r)} = a_{2r} w_{2r}$ for some unit $a_{2r}$. Since $(w_1, \dots, w_{2r})$ is a $p$-generator sequence, it follows that

$$p\, v_{g(2r)} = a_{2r}\, p\, w_{2r} = 0 \qquad (15)$$

and $w_{2r} = a_{2r}^{-1} v_{g(2r)} \in p\text{-span}\{v_{g(2r)}\}$. Proceeding by induction, we assume that for some $i = k + 1 \in \{2, \dots, 2r\}$ the sequence $(v_{g(i)}, \dots, v_{g(2r)})$ is a $p$-generator sequence with

$$p\text{-span}(v_{g(i)}, \dots, v_{g(2r)}) = p\text{-span}(w_i, \dots, w_{2r}).$$

Since $(w_1, \dots, w_{2r})$ is a $p$-basis of $M$, we can write

$$v_{g(k)} = \sum_{j=1}^{2r} a_j w_j$$

for some $a_j \in \mathcal{A}_p[x]$. The $p$-PLM property of $(w_1, \dots, w_{2r})$ together with (11), (12) and (14) implies that $a_j = 0$ for $j < k$ and that $a_k$ is a nonzero constant. Thus,

$$v_{g(k)} = a_k w_k + u \quad \text{with } u \in p\text{-span}(w_{k+1}, \dots, w_{2r}) \text{ and } a_k \text{ a unit.}$$

Then $p\, v_{g(k)} = a_k\, p\, w_k + p\, u \in p\text{-span}(w_{k+1}, \dots, w_{2r})$, so that $p\, v_{g(k)} \in p\text{-span}(v_{g(k+1)}, \dots, v_{g(2r)})$ by the induction hypothesis. As a result, $w_k = a_k^{-1} v_{g(k)} - a_k^{-1} u \in p\text{-span}\{v_{g(k)}, \dots, v_{g(2r)}\}$. In conclusion, for $i = k$ we have that $(v_{g(i)}, \dots, v_{g(2r)})$ is a $p$-generator sequence and $p\text{-span}\{v_{g(i)}, \dots, v_{g(2r)}\} = p\text{-span}\{w_i, \dots, w_{2r}\}$. By induction it now follows that $(v_{g(1)}, \dots, v_{g(2r)})$ is a $p$-generator sequence with $p\text{-span}\{v_{g(1)}, \dots, v_{g(2r)}\} = p\text{-span}\{w_1, \dots, w_{2r}\} = M$.

Finally, we prove that $\{v_1, \dots, v_{2r}\}$ has the $p$-PLM property. For this, let

$$f = a_1 v_1 + \dots + a_{2r} v_{2r} \qquad (16)$$

with $a_1, \dots, a_{2r} \in \mathcal{A}_p[x]$. Evidently $\mathrm{lm}(f) \leq \max_{1 \leq i \leq 2r;\, a_i \neq 0} \mathrm{lm}(a_i v_i)$. As a result, in order to prove the $p$-PLM property we need only prove that this upper bound is reached. By grouping together all vectors $a_i v_i$ in (16) that have the same leading position we write

$$f = f_1 + f_2,$$

where $f_j = 0$ if position $j$ is not used in (16). It now follows from the $p$-adic decomposition and (ii) of Lemma 4.9 that $\mathrm{lpos}(f_j) = j$ for $j = 1, 2$ whenever $f_j \neq 0$. More specifically, we then have $\mathrm{lm}(f_j) = \mathrm{lm}(a_{i_j} v_{i_j})$ for some $i_j \in \{1, \dots, 2r\}$. In case either $f_1 = 0$ or $f_2 = 0$ the $p$-PLM property then follows immediately. In case both $f_1$ and $f_2$ are nonzero we recall that their leading positions differ so that, without restrictions, we may assume that $\mathrm{lm}(f_1) < \mathrm{lm}(f_2)$. Then $\mathrm{lm}(f) = \mathrm{lm}(f_2) = \mathrm{lm}(a_{i_2} v_{i_2})$, which proves the $p$-PLM property. The property implies, in particular, that $\{v_1, \dots, v_{2r}\}$ is a $p$-basis of $M$.



Lemma 4.11 Let $S_1, \dots, S_N$ be a sequence over $\mathbb{Z}_{p^r}$ and let $k \in \{0, \dots, N\}$. Let $R^k$ be the matrix obtained by applying Algorithm 4.8 to $S_1, \dots, S_k$, with rows $v_1^k, \dots, v_{2r}^k$; denote $v_j^k := [v_{j1}^k \;\; v_{j2}^k]$ for $j = 1, \dots, 2r$. Then

i) $v_j^k(0) = [0 \;\; 0]$ for $j = 1, \dots, r$

ii) $\mathrm{ord}(v_{j2}^k(0)) = 2r - j + 1$ for $j = r + 1, \dots, 2r$

iii) $\mathrm{lm}(v_j^k) \geq \mathrm{lm}(v_{j+1}^k)$ for $j = r + 1, \dots, 2r - 1$ with respect to the top monomial ordering.

Proof All conditions are obviously satisfied for $k = 0$. Let us now proceed by induction and assume that the lemma holds for some $k \in \{0, 1, \dots, N - 1\}$.

To prove (i), first note that, by Lemma 4.9 (iii), we have $j \in \mathcal{P}_j^{k+1}$ for $j \in \{1, \dots, r\}$. As a result, for any $j \in \{1, \dots, r\}$ we have $v_j^{k+1}(x) = x v_j^k(x)$, if $i_j^* = j$, and $v_j^{k+1}(x) = \frac{1}{\theta_{i_j^*}^{k+1}} x v_{i_j^*}^k(x)$, otherwise. Thus $v_j^{k+1}(0) = [0 \;\; 0]$.

To prove (ii), let $j \in \{r + 1, \dots, 2r\}$. We distinguish two cases:

Case 1: $j \in \mathcal{P}_0^{k+1}$. Then $v_j^{k+1}(x) = v_j^k(x)$ and (ii) follows immediately by induction hypothesis (ii).

Case 2: $j \in \mathcal{P}_\ell^{k+1}$ for some $\ell \in \{1, \dots, r\}$, i.e., $\Delta_j^{k+1} = \theta_j^{k+1} p^{\ell - 1}$ for some unit $\theta_j^{k+1}$. We distinguish four subcases:

Case 2A: $i_\ell^* = \ell$. Then $\theta_\ell^{k+1} = 1$ so that $v_j^{k+1}(x) = -\theta_j^{k+1} v_\ell^k(x) + v_j^k(x)$. Since $v_\ell^k(0) = [0 \;\; 0]$ by induction hypothesis (i), it follows that $v_j^{k+1}(0) = v_j^k(0)$ so that (ii) holds by induction hypothesis (ii).

Case 2B: $i_\ell^* = j$. Then again $v_j^{k+1}(x) = -\theta_j^{k+1} v_\ell^k(x) + v_j^k(x)$ and the reasoning proceeds as in case 2A.

Case 2C: $i_\ell^* > j$. Then $v_j^{k+1}(x) = -\theta_j^{k+1} v_{i_\ell^*}^k(x) + \theta_{i_\ell^*}^{k+1} v_j^k(x)$. By induction hypothesis (ii), $\mathrm{ord}(v_{i_\ell^* 2}^k(0)) < \mathrm{ord}(v_{j2}^k(0))$, so that $\mathrm{ord}(v_{j2}^{k+1}(0)) = \mathrm{ord}(v_{j2}^k(0)) = 2r - j + 1$.

Case 2D: $i_\ell^* < j$ and $i_\ell^* \neq \ell$. By definition of $i_\ell^*$ and induction hypothesis (iii) this case cannot happen.
To prove (iii), let j E {r + 1, . . . , 2r — 1}. Because of Lemma 



4.10 



fc+i 

CIO d jJ-LLL 
lief 11 



we can write JWj as a p-linear 



combination of . . . , v^ 1 - Because of (i) and (ii) above, this p-linear combination must use v k+1 

and it follows that lm(pVj) > lm(v^ +1 ) which implies that lm(vj) > \m(v!- +1 ), i.e. (iii) holds. 

We now present our main result. 

Theorem 4.12 Let $S_1, \dots, S_N$ be a sequence over $\mathbb{Z}_{p^r}$ and let $R$ be the matrix obtained by applying Algorithm 4.8 to $S_1, \dots, S_N$. Denote the rows of $R$ by $v_1, \dots, v_{2r}$; denote $L := \deg v_{r+1}$ with respect to the top monomial ordering. Then the complexity of the sequence equals $L$ and $v_{(r+1)2}$ is a feedback polynomial of shortest length $L$. More specifically, a parametrization of all shortest length feedback polynomials is given by

$$a\, v_{(r+1)2} + \sum_{j \in \{1, \dots, 2r\} \setminus \{r+1\}} a_j v_{j2},$$

with $0 \neq a \in \mathcal{A}_p$ and for all $j \neq r + 1$ the polynomial $a_j \in \mathcal{A}_p[x]$ chosen such that $\deg(a_j) \leq L - \deg v_j$.
Furthermore, let $j^*$ be such that $\mathrm{lpos}(v_{j^*}) = 2$ and $\mathrm{ord}(v_{j^*}) = r$. Let $L := \deg v_{j^*}$. Then the complexity of the reciprocal sequence $S_N, \dots, S_1$ equals $L$ and $v_{j^* 2}$ is a minimal characteristic polynomial of $S_N, \dots, S_1$. More specifically, a parametrization of all minimal characteristic polynomials of $S_N, \dots, S_1$ is given by

$$a\, v_{j^* 2} + \sum_{j \in \{1, \dots, 2r\} \setminus \{j^*\}} a_j v_{j2}, \qquad (17)$$

with $0 \neq a \in \mathcal{A}_p$ and for all $j \neq j^*$ the polynomials $a_j \in \mathcal{A}_p[x]$ chosen such that $\deg(a_j) \leq L - \deg v_j$.
In particular, if $j^* = r + 1$ then $v_{j^* 2}$ is bidirectional and (17) also parametrizes all bidirectional minimal characteristic polynomials of the reciprocal sequence $S_N, \dots, S_1$. Otherwise, i.e. if $j^* \neq r + 1$, then any choice of $a_{r+1} \in \mathcal{A}_p[x]$ such that $\deg(a_{r+1}) \leq L - \deg v_{r+1}$ and $a_{r+1}(0) \neq 0$ gives a bidirectional minimal characteristic polynomial of $S_N, \dots, S_1$.

Proof The first parametrization follows immediately from Lemma 4.10, Lemma 4.11 and Corollary 3.4. Let us now consider the reciprocal sequence in order to prove the second parametrization (17). From Remark 4.1 we know that a minimal characteristic polynomial of $S_N, \dots, S_1$ is given by a vector of $M$ with leading position 2 and order $r$, of minimal degree. By Lemma 4.10 the set $\{v_1, \dots, v_{2r}\}$ is a $p$-basis of $M$ with the $p$-PLM property. Corollary 3.3 now implies (17).

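Example 4.13 Consider the sequence 6, 3, 1, 5, 6 over the ring $\mathbb{Z}_9$ (as in the example in [24]). Application of Algorithm 4.8 yields:

$\mathcal{P}_0^1 = \{4\}$, $\mathcal{P}_1^1 = \{1\}$, $\mathcal{P}_2^1 = \{2, 3\}$, $i_1^* = 1$, $i_2^* = 3$,

$$R^1(x) = E^1(x) R^0(x) = \begin{bmatrix} x^2 & 0 \\ 0 & 5x \\ -6x & 1 \\ 0 & 3 \end{bmatrix},$$

$\mathcal{P}_0^2 = \{4\}$, $\mathcal{P}_1^2 = \{1\}$, $\mathcal{P}_2^2 = \{2, 3\}$, $i_1^* = 1$, $i_2^* = 3$,

$$R^2(x) = E^2(x) R^1(x) = \begin{bmatrix} x^3 & 0 \\ 3x^2 & x \\ -6x & 4x + 1 \\ 0 & 3 \end{bmatrix},$$

$\Delta^3 = \begin{bmatrix} 1 & 3 & 4 & 3 \end{bmatrix}^T$, $\mathcal{P}_0^3 = \emptyset$, $\mathcal{P}_1^3 = \{1, 3\}$, $\mathcal{P}_2^3 = \{2, 4\}$, $i_1^* = 3$, $i_2^* = 4$,

$$R^3(x) = E^3(x) R^2(x) = \begin{bmatrix} 3x^2 & x^2 + 7x \\ 0 & 3x \\ -4x^3 - 6x & 4x + 1 \\ 6x^2 & 8x + 3 \end{bmatrix},$$

$\mathcal{P}_0^4 = \{3\}$,

$$R^4(x) = E^4(x) R^3(x) = \begin{bmatrix} 3x^3 & 7x^2 + 6x \\ 0 & 3x^2 \\ -4x^3 - 6x & 4x + 1 \\ 0 & 4x^2 + 3 \end{bmatrix},$$

$\mathcal{P}_0^5 = \emptyset$, $\mathcal{P}_1^5 = \{1, 3, 4\}$, $\mathcal{P}_2^5 = \{2\}$, $i_1^* = 4$, $i_2^* = 2$,

$$R^5(x) = E^5(x) R^4(x) = \begin{bmatrix} 0 & x^3 + 3x \\ 0 & 3x^3 \\ 2x^3 - 6x & 4x^2 + 7x + 7 \\ -3x^3 & 3x^2 + 3x + 3 \end{bmatrix}.$$

[The displayed entries of $\Delta^k$ for $k \neq 3$, of the update matrices $E^k(x)$, and the remaining index sets for $k = 4$ are not recoverable from the extracted text.]
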
By the above theorem, the complexity of the sequence equals $L = 3$ and $4x^2 + 7x + 7$ is a shortest length feedback polynomial, normalized to $7x^2 + x + 1$. It is not unique: a parametrization of all normalized shortest length feedback polynomials of length 3 is given by

$$7x^2 + x + 1 + a(x^3 + 3x), \qquad (18)$$

where $a \in \mathbb{Z}_9$. The complexity of the reciprocal sequence 6, 5, 1, 3, 6 equals $L = 3$ and $x^3 + 3x$ serves as a minimal characteristic polynomial of 6, 5, 1, 3, 6. It is not unique: a parametrization of all monic minimal characteristic polynomials of 6, 5, 1, 3, 6 is given by

$$x^3 + 3x + b(4x^2 + 7x + 7),$$

where $b \in \mathbb{Z}_9$. For comparison, in our notation, the algorithm of produces the matrix

[matrix display not recoverable from the extracted text]

rather than $R^5(x)$. Thus it produces the shortest feedback polynomial $x^3 + 7x^2 + 4x + 1$. We verify that this polynomial is indeed in our parametrization (18), namely for the parameter choice $a = 1$. Note that it follows from the above parametrization (17) that $x^3 + 7x^2 + 4x + 1$ is the unique monic bidirectional minimal characteristic polynomial of 6, 5, 1, 3, 6 that has constant term 1.
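
A brute-force cross-check of Example 4.13, added here and not part of the paper: it enumerates every candidate polynomial over $\mathbb{Z}_9$ directly and compares the result with parametrization (18) and with the parametrization for the reciprocal sequence. The recurrence conventions (feedback polynomials with constant term 1, monic characteristic polynomials) and all function names are assumptions, chosen so that they agree with the polynomials quoted in the example.

```python
from itertools import product

M = 9  # Z_9, i.e. p = 3 and r = 2, as in Example 4.13

def feedback_polys(seq, L, m=M):
    """All f = 1 + f1*x + ... + fL*x^L (coefficients low to high) generating seq.
    Assumed convention: sum_{i=0..L} f_i * S_{j-i} = 0 (mod m) for j = L+1..N."""
    return {
        (1,) + tail
        for tail in product(range(m), repeat=L)
        if all(
            (seq[j] + sum(tail[i - 1] * seq[j - i] for i in range(1, L + 1))) % m == 0
            for j in range(L, len(seq))  # 0-based index of S_{j+1}
        )
    }

def shortest_feedback(seq, m=M):
    """Return (complexity L, set of all feedback polynomials of length L)."""
    for L in range(len(seq) + 1):
        sols = feedback_polys(seq, L, m)
        if sols:
            return L, sols

def monic_char_polys(seq, d, m=M):
    """All monic c of degree d with sum_{i=0..d} c_i * T_{k+i} = 0 (mod m)."""
    return {
        low + (1,)
        for low in product(range(m), repeat=d)
        if all(
            (seq[k + d] + sum(low[i] * seq[k + i] for i in range(d))) % m == 0
            for k in range(len(seq) - d)
        )
    }

def minimal_char(seq, m=M):
    """Return (minimal degree d, set of all monic characteristic polynomials)."""
    for d in range(len(seq) + 1):
        sols = monic_char_polys(seq, d, m)
        if sols:
            return d, sols

def family(base, direction, m=M):
    """The m polynomials base + t*direction (mod m) for t in Z_m."""
    return {tuple((u + t * v) % m for u, v in zip(base, direction)) for t in range(m)}

SEQ = [6, 3, 1, 5, 6]                             # sequence of Example 4.13
PARAM_18 = family((1, 1, 7, 0), (0, 3, 0, 1))     # 7x^2+x+1 + a(x^3+3x)
PARAM_RECIP = family((0, 3, 0, 1), (7, 7, 4, 0))  # x^3+3x + b(4x^2+7x+7)

if __name__ == "__main__":
    L, sols = shortest_feedback(SEQ)
    print("complexity:", L, "| equals (18):", sols == PARAM_18)
    d, chars = minimal_char(SEQ[::-1])
    print("reciprocal complexity:", d, "| equals parametrization:", chars == PARAM_RECIP)
```

The exhaustive search is only feasible for short sequences over small rings; its purpose is to confirm that the nine polynomials in each parametrization are exactly the solutions, not to replace the iterative algorithm.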



5 Conclusions 

In his 1969 paper [19] Massey shows that the Berlekamp-Massey algorithm is an efficient algorithm that
yields a parametrization of all shortest feedback shift registers for a given finite sequence $S_1, \dots, S_N$
of numbers in a field. The main contribution of our paper is an iterative algorithm that yields such
a parametrization when $S_1, \dots, S_N$ are numbers in a finite ring $\mathbb{Z}_{p^r}$. Although relying on nontrivial
theories of $p$-Gröbner bases and $p$-linear dependence, the algorithm is highly practical as we illustrated in
an example. It is thus shown in this paper that it is possible to have as much "grip" on this fundamental
problem in the ring case as in the field case, despite the existence of zero divisors.

Existing methods for the ring case, such as in [2H IS1 [HI EH HZ1 HO] yield a solution but no parametrization. 
For the field case (any field, not just $\mathbb{Z}_p$), our algorithm turns out to be a normalized version of the
Gröbner-based iterative algorithm of [6].

We have shown that our algorithm simultaneously produces all shortest feedback shift registers for the reciprocal sequence $S_N, \dots, S_1$. This then implies some additional results on bidirectional shortest feedback shift registers. For the field case these results imply findings in [25].

We illustrated our result with the $\mathbb{Z}_9$ example 6, 3, 1, 5, 6 from [24]. The corresponding module has an "easy" minimal Gröbner basis consisting of 2 elements; a more interesting example is its subsequence 6, 3, 1 which has a minimal Gröbner basis consisting of 4 elements. Using Theorem 4.12 we conclude from the matrix $R^3$ in Example 4.13 that the sequence 6, 3, 1 has highest complexity possible, namely $L = 3$, whereas its reciprocal sequence 1, 3, 6 has complexity $L = 2$ and minimal characteristic polynomial $x^2 + 7x$. A parametrization of all monic minimal characteristic polynomials of 1, 3, 6 is given by $x^2 + 7x + b(8x + 3)$, where $b \in \mathbb{Z}_9$. This parametrization clearly does not contain any bidirectional characteristic polynomials.

In our view, Gröbner bases are ideal tools for these types of problems because they lead to transparent
proofs. We emphasize that we only use Gröbner bases conceptually; at no stage do we call upon complex
computational packages to compute those bases. Instead we iteratively construct minimal Gröbner bases
in an efficient way. In fact, since our approach combines transparency and efficiency, one may want to
conclude that there is little reason for employing noniterative methods such as the Euclidean algorithm
or noniterative Gröbner basis computation.